logon to 2003 AD fails with "KDC reply did not match expectations"
Klavs Klavsen
kl at vsen.dk
Thu Feb 24 09:40:40 EST 2005
Hi.
I'm pulling my hair out here - I've tried everything I can think of :(
I'm trying to use kinit (and also mod_auth_kerb) but it (also
mod_auth_kerbV5) fails with this message:
kinit(v5): KDC reply did not match expectations while getting initial
credentials
(and mod_auth_kerb says: krb5_get_init_creds_password() failed: KDC
reply did not match expectations)
In the AD it says event ID 675, Failure Code 0x19.
I'm using MIT-krb 1.3.6 on freebsd-4.11 and also on Gentoo Linux (tried
from both).
I've followed this guide:
http://support.microsoft.com/?kbid=555092
and also tried this one:
http://www.onlamp.com/lpt/a/4171
All Google finds is capitalization problems, but I can find none :(
My krb5.conf looks like this:
[libdefaults]
  default_tkt_enctypes = des-cbc-crc; des-cbc-md5
  default_tgs_enctypes = des-cbc-crc; des-cbc-md5
  ticket_lifetime = 24000
  default_realm = EXAMPLEDK
  dns_lookup_realm = false
  dns_lookup_kdc = false
[realms]
  EXAMPLEDK = {
    kdc = ip.of.kdc.1:88
  }
[domain_realm]
  .dk.example.net = EXAMPLEDK
  dk.example.net = EXAMPLEDK
[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }
All ideas are most welcome.
--
Regards,
Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk
PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62
"Those who do not understand Unix are condemned to reinvent it, poorly."
  --Henry Spencer